Rule History

alert smtp $HOME_NET any -> $EXTERNAL_NET [25,587,2525] (msg:"ET MALWARE Win32.Agent.kawe SMTP Stealer"; flow:established,to_server; content:"Content-Type|3a 20|multipart/mixed|3b 0d 0a 09|boundary=|22 2d 2d 2d 2d 3d|_NextPart_000_0000_"; content:"Content-Type|3a 20|text/plain|0d 0a|Content-Transfer-Encoding|3a 20|7bit"; content:"Content-Disposition|3a 20|attachment|3b 0d 0a 09|filename|3d 22|alkunpass|22|"; fast_pattern; reference:md5,cb94fede5345784c5ace43c01419aace; classtype:trojan-activity; sid:2036963; rev:1; metadata:attack_target Client_Endpoint, created_at 2022_06_10, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2022_06_10;)